On Tue, May 29, 2012 at 12:30 PM, Henning Brauer <lists-open...@bsws.de> wrote: > * Peter J. Philipp <p...@centroid.eu> [2012-05-29 21:26]: >> 1. Make BGPD dump core > > it doesn't work that way due to bgpd dropping privs and chrooting. > the way involves setting kern.nosuidcoredump to 2, but since we have > all that already written down in an email to a non-public list, it'll > be easiest to make that available.
Roger. To paraphrase: in order for such a process to be able to dump core, do the following: ---- Create /var/empty/var/crash/ and chown it to the user that the [chroot'ed priv-sep'ed process] runs as, then set the kern.nosuidcoredump sysctl to 2. ---- Philip Guenther